I added my site to Cloudflare, then changed the DNS. As I usually do. I’ve never had any problems until now.

as soon as Cloudflare goes on the site, I can no longer access the site error code:

you can solved this problem please ?

You have a DNSSEC issue.

As you have moved the site you will need to update copy the DS records from Cloudflare to your registrar…

(Doesn’t detect at .eu DNSSEC is enabled, but it is…)

DNSSEC is pending while we wait for the DS to be added to your registrar. This usually takes ten minutes, but can take up to an hour.

It’s already 1h more

After the records are updated at the registrar (and assuming they are correct), they then have to propagate to resolvers which can take some time, see here…

The best process is to disable DNSSEC before changing the nameservers to avoid downtime as DNSSEC does its job to protect DNS lookups.

Once DNSSEC is ok, Cloudflare should be able to generate the edge SSL certificate which is probably why you were seeing the error you were. I guess you aren’t using DNSSEC on your resolver hence the error message you got on your browser.

Yes, I have activated DNSSEC on my ovh domain. So that’s not the problem


As I said, if you have added the correct DS records, you now just need to wait for them to propagate.

i waited 24 hours, then deleted the site and started again because I thought it was a bug…

How many days should we wait?

If you deleted the site from Cloudflare, did you check and update the DS records from Cloudflare to OVH again? They may have changed.

DNSViz (which works from root servers) is still showing problems…

Alternatively just turn off DNSSEC at OVH and Cloudflare and, after a time, things should work then you can configure it again.

yes of course

Well, the DNSSEC information in the parent registry is still incorrect.

Cloudflare runs with algorithm 13 (ECDSAP256SHA256) with key tag 2371.

Your current DNSSEC information that is published in the registry for your domain, through OVH, has been configured with algorithm 8 (RSA256) with key tag 42380.

So if you have provided the correct information to OVH, and that they are not updating it for you, you would have to contact OVH and ask them to rectify that.

48 - 96 hours, that starts counting from the moment when the DNSSEC information has been successfully corrected.

24h + already :frowning:

If I understood correctly, I only have to wait

The DNSSEC records at the registrar are still not correct. Follow @DarkDevil’s advice here.
^^^ Click the “Show WHOIS” button to see the key information